Former Amazon software engineer claims stealing 100 million customers’ data claims to have been probing for security weaknesses

36-year-old transgender former Amazon software engineer, Paige Thompson, stands accused of stealing over 100 million Capitol One customers’ personal data.

Transgender Capitol One hacker Paige Thompson

They allegedly hacked into Capitol One’s data storage and downloaded customer information including bank accounts, social security numbers, and other information from consumer credit card applications.

Accused of violating the Computer Fraud and Abuse Act, an anti-hacking law, they and their attorneys argue that Thompson’s actions were that of a “white hat hacker” (a benevolent hacker, sometimes employed by companies to find security weaknesses) who was proving for vulnerabilities for good reasons… despite downloading, stealing, over 100 million customers’ important personal data.

Some critics condemn the Computer Fraud and Abuse Act for its “loopholes” which allow for leniency for hackers who find vulnerabilities in a system, which is exactly what Thompson’s legal team is trying to exploit.
Prosecutors claim Thompson intended to use the stolen information to conduct identity theft. They also allege she took advantage of her access to corporate servers in a scheme to mine cryptocurrency.

From the Daily Mail:

Thompson’s lawyers have argued her discovery of the “flaws” in Capital One’s data storage system was part of “good-faith research.”

They claim her hacking methods “reflected the same practices used by legitimate security researchers” and fall under the Computer Fraud and Abuse Act statute that protects those who find vulnerabilities in online systems.

“They are interpreting a statute so broadly that it captures conduct that is innocent and as a society we should be supporting, which is security researchers going out on the internet and trying to make it safer,” defense attorney Brian Klein said.

Thompson’s federal trial begins on Tuesday as they face 10 counts of computer fraud, wire fraud, and identity theft. Conviction would mean up to thirty years in prison.

Join The Conversation. Leave a Comment.

We have no tolerance for comments containing violence, racism, profanity, vulgarity, doxing, or discourteous behavior. If a comment is spam, instead of replying to it please click the ∨ icon below and to the right of that comment. Thank you for partnering with us to maintain fruitful conversation.